01 August 2017

Don’t leave the governance of risk to a spreadsheet

By Phillip Mason, Software Director at IRM.

I’d like you to just take a step back and think about how you’re currently governing risk across your organisation. If you don’t have a dedicated solution for risk management and compliance, then my instinct is that it will be siloed – and you will have different use cases and approaches per department.

We at IRM see companies grappling with hundreds, and in some cases thousands, of suppliers struggling to adhere to the latest compliance standards. We also see many organisations trying to orchestrate and gain visibility of their endpoint solutions, which are trying to keep their firewall safe. It’s all information they have to manually collate, analyse and assign a risk/compliance value to.

And usually these tasks are managed through manual processes like spreadsheets and/or email filing systems, or through disparate systems that are not connected and do not talk to one another. However, they remain a common way of managing and governing risk.

There is a common misconception that spreadsheets come with no cost, which is why many business leaders struggle to see the investment as worth making when it comes to purchasing a dedicated risk management and compliance solution. But spreadsheets can be just as expensive when you consider how much time and effort your skilled team are taking to manage and extract intelligence from them when they could be focusing that time and effort where it’s needed most.

While we can appreciate that automated solutions are not a silver bullet when it comes to cyber security and do come with a cost, with the right governance and commitment to improving processes these solutions can be easily adopted and scaled and will deliver short-, medium- and long-term value.

Of course, it’s easy to say this, but how do they provide ‘true value’?

Well, this comes down to the visibility factor. Think about how many of your departments are analysing suppliers’ compliance data. How many spreadsheets and reports do they have? Where do they save them and how do you get hold of them on a regular basis? Can you get them quickly enough when the audit team arrives? Needless to say, this becomes a genuine headache, and finding answers becomes a very complicated task. And when deadlines are missed and gaps are identified by audit, how can you report that you have an effective governance structure for managing risk?

And that’s where the true value is added. A solution where you can access everything through a simple login and click of a button significantly reduces your time chasing down departments for various reports and results, and relieves you of constantly managing spreadsheets of various degrees. It means you have the time to actually do your job – govern, analyse and manage risks, steer the business in the right direction and create a risk-conscious culture throughout your organisation.

Risk management is too important to be left to a spreadsheet. That should be down to you and your team.

IRM has built a cloud-based enterprise cyber GRC management platform that is implemented by our experienced consultants and sits alongside dedicated training and support.